Document federated auth - no shared secrets required

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
gilesb
2026-01-09 17:40:38 +00:00
parent e5d1c93034
commit d244a62c48

@@ -111,8 +111,11 @@ export L1_SERVERS=https://celery-artdag.rose-ash.com,https://renderer2.example.c
When a user attaches to an L1 server: When a user attaches to an L1 server:
1. They're redirected to the L1's `/auth` endpoint with their auth token 1. They're redirected to the L1's `/auth` endpoint with their auth token
2. The L1 sets a local cookie, logging them in 2. L1 calls back to L2's `/auth/verify` endpoint to validate the token
3. Their attachment is recorded in the `user_renderers` table 3. L1 sets its own local cookie, logging the user in
4. Their attachment is recorded in the `user_renderers` table
**No shared secrets required**: L1 servers verify tokens by calling L2's public `/auth/verify` endpoint. This allows any L1 provider to federate with L2 without needing the JWT secret.
Users can manage attachments at `/renderers`. Users can manage attachments at `/renderers`.
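Review bot: the new step 2 and the "No shared secrets required" paragraph should also say how the L1 server knows which L2 to call back to and why that call can be trusted, since the token check now rests entirely on it; without a shared secret, the only thing binding an L1 to the real L2 is the L2 URL the L1 is configured with and the TLS validation of that HTTPS call, so the docs should state that the `/auth/verify` URL is a fixed, operator-configured value reached over HTTPS rather than something derived from the redirect in step 1. It would also help readers to document what `/auth/verify` returns (a bare valid/invalid result, or the user identity the L1 should bind its cookie to) and whether the token passed in step 1 is short-lived or single-use, so that an L1 provider implementing this flow knows what to check before setting the local cookie in step 3. Suggested addition after the paragraph: "The L1 must be configured with L2's base URL and must call `/auth/verify` over HTTPS; the response identifies the user whose session the L1 cookie represents."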